add aks-store-demo

Environments/AKS-Store-Demo/abbreviations.json

@@ -0,0 +1,136 @@
+{
+    "analysisServicesServers": "as",
+    "apiManagementService": "apim-",
+    "appConfigurationConfigurationStores": "appcs-",
+    "appManagedEnvironments": "cae-",
+    "appContainerApps": "ca-",
+    "authorizationPolicyDefinitions": "policy-",
+    "automationAutomationAccounts": "aa-",
+    "blueprintBlueprints": "bp-",
+    "blueprintBlueprintsArtifacts": "bpa-",
+    "cacheRedis": "redis-",
+    "cdnProfiles": "cdnp-",
+    "cdnProfilesEndpoints": "cdne-",
+    "cognitiveServicesAccounts": "cog-",
+    "cognitiveServicesFormRecognizer": "cog-fr-",
+    "cognitiveServicesTextAnalytics": "cog-ta-",
+    "computeAvailabilitySets": "avail-",
+    "computeCloudServices": "cld-",
+    "computeDiskEncryptionSets": "des",
+    "computeDisks": "disk",
+    "computeDisksOs": "osdisk",
+    "computeGalleries": "gal",
+    "computeSnapshots": "snap-",
+    "computeVirtualMachines": "vm",
+    "computeVirtualMachineScaleSets": "vmss-",
+    "containerInstanceContainerGroups": "ci",
+    "containerRegistryRegistries": "cr",
+    "containerServiceManagedClusters": "aks-",
+    "databricksWorkspaces": "dbw-",
+    "dataFactoryFactories": "adf-",
+    "dataLakeAnalyticsAccounts": "dla",
+    "dataLakeStoreAccounts": "dls",
+    "dataMigrationServices": "dms-",
+    "dBforMySQLServers": "mysql-",
+    "dBforPostgreSQLServers": "psql-",
+    "devicesIotHubs": "iot-",
+    "devicesProvisioningServices": "provs-",
+    "devicesProvisioningServicesCertificates": "pcert-",
+    "documentDBDatabaseAccounts": "cosmos-",
+    "eventGridDomains": "evgd-",
+    "eventGridDomainsTopics": "evgt-",
+    "eventGridEventSubscriptions": "evgs-",
+    "eventHubNamespaces": "evhns-",
+    "eventHubNamespacesEventHubs": "evh-",
+    "hdInsightClustersHadoop": "hadoop-",
+    "hdInsightClustersHbase": "hbase-",
+    "hdInsightClustersKafka": "kafka-",
+    "hdInsightClustersMl": "mls-",
+    "hdInsightClustersSpark": "spark-",
+    "hdInsightClustersStorm": "storm-",
+    "hybridComputeMachines": "arcs-",
+    "insightsActionGroups": "ag-",
+    "insightsComponents": "appi-",
+    "keyVaultVaults": "kv-",
+    "kubernetesConnectedClusters": "arck",
+    "kustoClusters": "dec",
+    "kustoClustersDatabases": "dedb",
+    "loadTesting": "lt-",
+    "logicIntegrationAccounts": "ia-",
+    "logicWorkflows": "logic-",
+    "machineLearningServicesWorkspaces": "mlw-",
+    "managedIdentityUserAssignedIdentities": "id-",
+    "managementManagementGroups": "mg-",
+    "migrateAssessmentProjects": "migr-",
+    "networkApplicationGateways": "agw-",
+    "networkApplicationSecurityGroups": "asg-",
+    "networkAzureFirewalls": "afw-",
+    "networkBastionHosts": "bas-",
+    "networkConnections": "con-",
+    "networkDnsZones": "dnsz-",
+    "networkExpressRouteCircuits": "erc-",
+    "networkFirewallPolicies": "afwp-",
+    "networkFirewallPoliciesWebApplication": "waf",
+    "networkFirewallPoliciesRuleGroups": "wafrg",
+    "networkFrontDoors": "fd-",
+    "networkFrontdoorWebApplicationFirewallPolicies": "fdfp-",
+    "networkLoadBalancersExternal": "lbe-",
+    "networkLoadBalancersInternal": "lbi-",
+    "networkLoadBalancersInboundNatRules": "rule-",
+    "networkLocalNetworkGateways": "lgw-",
+    "networkNatGateways": "ng-",
+    "networkNetworkInterfaces": "nic-",
+    "networkNetworkSecurityGroups": "nsg-",
+    "networkNetworkSecurityGroupsSecurityRules": "nsgsr-",
+    "networkNetworkWatchers": "nw-",
+    "networkPrivateDnsZones": "pdnsz-",
+    "networkPrivateLinkServices": "pl-",
+    "networkPublicIPAddresses": "pip-",
+    "networkPublicIPPrefixes": "ippre-",
+    "networkRouteFilters": "rf-",
+    "networkRouteTables": "rt-",
+    "networkRouteTablesRoutes": "udr-",
+    "networkTrafficManagerProfiles": "traf-",
+    "networkVirtualNetworkGateways": "vgw-",
+    "networkVirtualNetworks": "vnet-",
+    "networkVirtualNetworksSubnets": "snet-",
+    "networkVirtualNetworksVirtualNetworkPeerings": "peer-",
+    "networkVirtualWans": "vwan-",
+    "networkVpnGateways": "vpng-",
+    "networkVpnGatewaysVpnConnections": "vcn-",
+    "networkVpnGatewaysVpnSites": "vst-",
+    "notificationHubsNamespaces": "ntfns-",
+    "notificationHubsNamespacesNotificationHubs": "ntf-",
+    "operationalInsightsWorkspaces": "log-",
+    "portalDashboards": "dash-",
+    "powerBIDedicatedCapacities": "pbi-",
+    "purviewAccounts": "pview-",
+    "recoveryServicesVaults": "rsv-",
+    "resourcesResourceGroups": "rg-",
+    "searchSearchServices": "srch-",
+    "serviceBusNamespaces": "sb-",
+    "serviceBusNamespacesQueues": "sbq-",
+    "serviceBusNamespacesTopics": "sbt-",
+    "serviceEndPointPolicies": "se-",
+    "serviceFabricClusters": "sf-",
+    "signalRServiceSignalR": "sigr",
+    "sqlManagedInstances": "sqlmi-",
+    "sqlServers": "sql-",
+    "sqlServersDataWarehouse": "sqldw-",
+    "sqlServersDatabases": "sqldb-",
+    "sqlServersDatabasesStretch": "sqlstrdb-",
+    "storageStorageAccounts": "st",
+    "storageStorageAccountsVm": "stvm",
+    "storSimpleManagers": "ssimp",
+    "streamAnalyticsCluster": "asa-",
+    "synapseWorkspaces": "syn",
+    "synapseWorkspacesAnalyticsWorkspaces": "synw",
+    "synapseWorkspacesSqlPoolsDedicated": "syndp",
+    "synapseWorkspacesSqlPoolsSpark": "synsp",
+    "timeSeriesInsightsEnvironments": "tsi-",
+    "webServerFarms": "plan-",
+    "webSitesAppService": "app-",
+    "webSitesAppServiceEnvironment": "ase-",
+    "webSitesFunctions": "func-",
+    "webStaticSites": "stapp-"
+}

Environments/AKS-Store-Demo/app/aks-managed-cluster.bicep

@@ -0,0 +1,136 @@
+metadata description = 'Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool.'
+@description('The name for the AKS managed cluster')
+param name string
+
+@description('The name of the resource group for the managed resources of the AKS cluster')
+param nodeResourceGroupName string = ''
+
+@description('The Azure region/location for the AKS resources')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the AKS resources')
+param tags object = {}
+
+@description('Whether RBAC is enabled for local accounts')
+param enableRbac bool = true
+
+// Add-ons
+@description('Whether web app routing (preview) add-on is enabled')
+param webAppRoutingAddon bool = true
+
+// AAD Integration
+@description('Enable Azure Active Directory integration')
+param enableAad bool = false
+
+@description('Enable RBAC using AAD')
+param enableAzureRbac bool = false
+
+@description('The Tenant ID associated to the Azure Active Directory')
+param aadTenantId string = ''
+
+@description('The load balancer SKU to use for ingress into the AKS cluster')
+@allowed([ 'basic', 'standard' ])
+param loadBalancerSku string = 'standard'
+
+@description('Network plugin used for building the Kubernetes network.')
+@allowed([ 'azure', 'kubenet', 'none' ])
+param networkPlugin string = 'azure'
+
+@description('If set to true, getting static credentials will be disabled for this cluster.')
+param disableLocalAccounts bool = false
+
+@description('The managed cluster SKU.')
+@allowed([ 'Free', 'Paid', 'Standard' ])
+param sku string = 'Free'
+
+@description('Configuration of AKS add-ons')
+param addOns object = {}
+
+@description('The log analytics workspace id used for logging & monitoring')
+param workspaceId string = ''
+
+@description('The node pool configuration for the System agent pool')
+param systemPoolConfig object
+
+@description('The DNS prefix to associate with the AKS cluster')
+param dnsPrefix string = ''
+
+resource aks 'Microsoft.ContainerService/managedClusters@2023-03-02-preview' = {
+  name: name
+  location: location
+  tags: tags
+  identity: {
+    type: 'SystemAssigned'
+  }
+  sku: {
+    name: 'Base'
+    tier: sku
+  }
+  properties: {
+    nodeResourceGroup: !empty(nodeResourceGroupName) ? nodeResourceGroupName : 'rg-mc-${name}'
+    dnsPrefix: empty(dnsPrefix) ? '${name}-dns' : dnsPrefix
+    enableRBAC: enableRbac
+    aadProfile: enableAad ? {
+      managed: true
+      enableAzureRBAC: enableAzureRbac
+      tenantID: aadTenantId
+    } : null
+    agentPoolProfiles: [
+      systemPoolConfig
+    ]
+    networkProfile: {
+      loadBalancerSku: loadBalancerSku
+      networkPlugin: networkPlugin
+    }
+    disableLocalAccounts: disableLocalAccounts && enableAad
+    addonProfiles: addOns
+    securityProfile:{
+      workloadIdentity: {
+        enabled: true
+      }
+    }
+    oidcIssuerProfile: {
+      enabled: true
+    }
+  }
+}
+
+var aksDiagCategories = [
+  'cluster-autoscaler'
+  'kube-controller-manager'
+  'kube-audit-admin'
+  'guard'
+]
+
+// TODO: Update diagnostics to be its own module
+// Blocking issue: https://github.com/Azure/bicep/issues/622
+// Unable to pass in a `resource` scope or unable to use string interpolation in resource types
+resource diagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(workspaceId)) {
+  name: 'aks-diagnostics'
+  scope: aks
+  properties: {
+    workspaceId: workspaceId
+    logs: [for category in aksDiagCategories: {
+      category: category
+      enabled: true
+    }]
+    metrics: [
+      {
+        category: 'AllMetrics'
+        enabled: true
+      }
+    ]
+  }
+}
+
+@description('The resource name of the AKS cluster')
+output clusterName string = aks.name
+
+@description('The AKS cluster identity')
+output clusterIdentity object = {
+  clientId: aks.properties.identityProfile.kubeletidentity.clientId
+  objectId: aks.properties.identityProfile.kubeletidentity.objectId
+  resourceId: aks.properties.identityProfile.kubeletidentity.resourceId
+}
+
+output clusterId string = aks.id

Environments/AKS-Store-Demo/app/db.bicep

@@ -0,0 +1,55 @@
+@allowed([
+  'MongoDB'
+  'GlobalDocumentDB'
+])
+param kind string
+param resourceToken string
+param location string
+param keyVaultName string
+param tags object = {}
+param cosmosDatabaseName string = 'orderdb'
+
+@description('The collections to create in the database')
+param collections array = [
+  {
+    id: 'orders'
+    name: 'orders'
+    shardKey: 'Hash'
+    indexKey: '_id'
+    throughput: 400
+  }
+]
+
+// the application database
+module cosmosMongo '../core/database/cosmos/mongo/cosmos-mongo-db.bicep' = if(kind == 'MongoDB') {
+  name: 'cosmos-mongo'
+  params: {
+    accountName: 'cosmos-${resourceToken}'
+    databaseName: cosmosDatabaseName
+    location: location
+    collections: collections
+    tags: tags
+    keyVaultName: keyVaultName
+  }
+}
+
+module cosmosSql '../core/database/cosmos/sql/cosmos-sql-db.bicep' = if(kind == 'GlobalDocumentDB') {
+  name: 'cosmos-sql'
+  params: {
+    accountName: 'cosmos-${resourceToken}'
+    databaseName: cosmosDatabaseName
+    location: location
+    containers: [
+      {
+        name: 'orders'
+        id: 'orders'
+        partitionKey: '/storeId'
+      }
+    ]
+    tags: tags
+    keyVaultName: keyVaultName
+  }
+}
+
+output name string = 'cosmos-${resourceToken}'
+output endpoint string = kind == 'MongoDB' ? 'mongodb://cosmos-${resourceToken}.mongo.cosmos.azure.com:10255/?retryWrites=false' : 'https://cosmos-${resourceToken}.documents.azure.com:443/'

Environments/AKS-Store-Demo/app/get-keys.bicep

@@ -0,0 +1,35 @@
+param openAiName string
+param openAiKeyName string = 'AZURE-OPENAI-KEY'
+param cosmosAccountName string
+param cosmosKeyName string = 'AZURE-COSMOS-KEY'
+param keyVaultName string
+
+resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' existing = {
+  name: openAiName
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+  name: cosmosAccountName
+}
+
+// create key vault secrets
+module openAiKey '../core/security/keyvault-secret.bicep' = {
+  name: 'openAiKey'
+  params: {
+    name: openAiKeyName
+    keyVaultName: keyVaultName
+    secretValue: account.listKeys().key1
+  }
+}
+
+module cosmosKey '../core/security/keyvault-secret.bicep' = {
+  name: 'cosmosKey'
+  params: {
+    name: cosmosKeyName
+    keyVaultName: keyVaultName
+    secretValue: cosmos.listKeys().primaryMasterKey
+  }
+}
+
+output openAiKey string = openAiKeyName
+output cosmosKey string = cosmosKeyName